Digital goods (e.g., software products, data, content, etc.) are often distributed to consumers via fixed computer readable media, such as a compact disc (CD-ROM), digital versatile disc (DVD), soft magnetic diskette, or hard magnetic disk (e.g., a preloaded hard drive). More recently, more and more content is being delivered in digital form online over private and public networks, such as Intranets and the Internet. Online delivery improves timeliness and convenience for the user, as well as reduces delivery costs for a publisher or developers. Unfortunately, these worthwhile attributes are often outweighed in the minds of the publishers/developers by a corresponding disadvantage that online information delivery makes it relatively easy to obtain pristine digital content and to pirate the content at the expense and harm of the publisher/developer.
One concern of the publisher/developer is the ability to check digital content, after distribution, for alteration. Such checking is often referred to as SRI (Software Resistance to Interference). The reasoning for the desire to check for such alterations can vary (e.g., to ensure that the content continues to operate as intended by the publisher/developer, to protect against improper copying, etc.).
The unusual property of content is that the publisher/developer (or reseller) gives or sells the content to a client, but continues to restrict rights to use the content even after the content is under the sole physical control of the client. For instance, a software developer typically sells a limited license in a software product that permits a user to load and run the software product on one or more machines (depending upon the license terms), as well as make a back up copy. The user is typically not permitted to make unlimited copies or redistribute the software to others.
These scenarios reveal a peculiar arrangement. The user that possesses the digital bits often does not have full rights to their use; instead, the provider retains at least some of the rights. In a very real sense, the legitimate user of a computer can be an adversary of the data or content provider.
DRM Techniques
One of the uses for SRI (Software Resistance to Interference) is to provide “digital rights management” (or “DRM”) tamper-resistance (i.e., protection) to prevent unauthorized modification, distribution, copying, and/or illegal operation of, or access to the digital goods. An ideal digital goods distribution system would substantially prevent unauthorized modification/distribution/use of the digital goods.
Digital rights management is fast becoming a central requirement if online commerce is to continue its rapid growth. Content providers and the computer industry must quickly address technologies and protocols for ensuring that digital goods are properly handled in accordance with the rights granted by the developer/publisher. If measures are not taken, traditional content providers may be put out of business by widespread theft or, more likely, will refuse altogether to deliver content online.
Various DRM techniques have been developed and employed in an attempt to thwart potential pirates from illegally copying or otherwise distributing the digital goods to others.
Original Media Required
For example, one conventional DRM technique includes requiring the consumer to insert the original CD-ROM or DVD for ascertainment prior to enabling the operation of a related copy of the digital good. Unfortunately, this DRM technique typically places an unwelcome burden on the honest consumer, especially those concerned with speed and productivity. Moreover, such techniques are impracticable for digital goods that are site licensed, such as software products that are licensed for use by several computers, and/or for digital goods that are downloaded directly to a computer. Additionally, it is not overly difficult for unscrupulous individuals/organizations to produce working pirated copies of the CD-ROM.
Registration
Another conventional DRM technique includes requiring or otherwise encouraging the consumer to register the digital good with the provider. For example, this is often done either through the mail or online via the Internet or a direct connection. Thus, the digital good may require the consumer to enter a registration code before allowing the digital good to be fully operational or the digital content to be fully accessed. Unfortunately, such DRM techniques are not typically effective since unscrupulous individuals/organizations need only undermine the DRM protections in a single copy of the digital good. Once broken, copies of the digital good can be illegally distributed; hence, such DRM techniques are considered to be Break-Once, Run-Everywhere (BORE) susceptible. Various techniques may be used to overcome some of the BORE susceptible, such as per-user software individualization, watermarks, etc. However, a malicious user may still be able to identify and remove from the digital good these various protections.
Code Obfuscation
Still another DRM technique is an emerging one called “code obfuscation” or “code scrambling.” Code obfuscation is described, to some degree, in the following co-pending patent applications (all of which are assigned to the Microsoft Corporation):                U.S. patent application Ser. No. 09/670,916, entitled “Code Integrity Verification that Includes One or More Cycles” filed on Sep. 29, 2000;        U.S. patent application Ser. No. 09/536,033, entitled “System and Method for Protecting Digital Goods using Random and Automatic Code Obfuscation” filed on Mar. 27, 2000;        U.S. patent application Ser. No. 09/651,424, entitled “Method and System for Using a Portion of a Digital Good as a Substitution Box” filed on Aug. 30, 2000; and        U.S. patent application Ser. No. 09/651,901, entitled “Protecting Digital Goods using Oblivious Checking” filed on Aug. 30, 2000.        
Code obfuscation thwarts would-be software pirate's attempt to attack the licensing provisions in digital goods (such as software). It also thwarts malicious would-be interlopers when they attempt to modify the security portions of such digital goods. In either case, existing code obfuscation techniques complicate an attacker's attempt to locate and identify specific portions of code within a software program (such as the operating system or an application).
Code obfuscation techniques effectively “hide” (i.e., obfuscate) or “scramble” the underlying code of a digital good, thereby making it difficult for a would-be attacker to locate and identify portions of the code.
Although it may be difficult, an attacker may be able to overcome code obfuscation. For example, an attacker can track the execution instance of the software program to identify where and when specific actions are performed. Once an attacker identifies and locates specific portions of code, she may modify it. Conventional code obfuscation cannot prevent code modification. Conventional code obfuscation cannot detect when code has been modified.
Code Modification
As stated above, the publisher/developer would like the ability to check digital content, after distribution, for alteration. The reasons for checking for such alterations may vary (e.g., to ensure that the content continues to operate as intended by the publisher/developer, to protect against improper copying, etc.). However, conventional DRM techniques do not actually check for alteration of digital content, such as software code.
Strictly speaking, conventional DRM techniques are chiefly designed to complicate code analysis by the digital pirate. They erect barriers and obstacles to unauthorized use of the software and/or unauthorized access the underlying code. However, they cannot detect code modification (i.e., alternation).
Accordingly, there is a challenge for a DRM technique to increase tamper resistance by detecting code modification without imposing unnecessary and burdensome requirements on legitimate users.
Remote Code Ascertainment
“Remote code ascertainment” is another realm that lacks the capability to effectively detect code modifications. A generic example of “remote code ascertainment” is the following: a computing entity (e.g., server) can ensure that only authorized (e.g., unaltered) computing entities (e.g., a client software program) connect via a remote coupling and that such remote entities remain free from tampering. This is also called: “persistent remote authentication.”
Some systems, such as those employing Internet instant-messaging systems, include a small, simple client program that connects to a secure server over a network. Deployers of such systems may require that only authorized, unmodified client software use the servers.
How does the server in such a system ascertain that the client software with which it is communicating is unmodified, unaltered, unadulterated, untainted, etc. by the devious hands of malicious would-be infiltrator? The issue here is not whether the proper security protocol is followed and the proper security information is provided. Rather the issue is whether the server can be certain that the security features of the client software have not be hijacked by a malicious would-be infiltrator.
Generally speaking, for an experienced software expert, it is not particularly difficult to reverse engineer the client-server communications. Therefore, an attacker can create a fully functional but unauthorized client program. Moreover, an attacker can patch the original code or data of authorized client software to instruct it to perform unauthorized and undesirable actions.
Traditional authentication protocols do not address the problem described. Unauthorized parties can reverse engineer such protocols and write new software to implement them. An attacker can modify a client program's code or data without changing its implementation of an authentication protocol. Traditional protocols do not address code tampering.
Accordingly, there is a challenge for a technique to confirm the veracity of a remote software program. Conventionally, it is a challenge to effectively thwart maliciously modified programs from harming a network system by preventing their initial passage through the security layers by masquerading as the original and unaltered program.
The Challenge of Accurately Detecting Code Modification
Accordingly, it is a challenge for a technique to address the concerns of the publisher/developer in protecting their rights in a digital good, such as software. Specifically, it is a challenge for to detect an alteration of the digital content without imposing unnecessary and burdensome requirements on legitimate users.
Furthermore, it is a challenge for to test the veracity of a remote software program. Specifically, it is a challenge for to detect a modified program so that it cannot impersonate the original and unaltered program.